>
> browser id, openid, and oauth are all authentication frameworks built
> on top of HTTP
>
OAuth is an authorization framework, not an authentication one. Please be
careful to make the distinction.
What we're looking at here is the need for an HTTP authentication system
that (for example) doesn't send reusable credentials, is less susceptible
to spoofing attacks, and so on.
Barry